蓝森林首页 | 返回主页 | 本站地图 | 站内搜索 | 联系信箱 |
 您目前的位置:首页 > 自由软件 > 技术交流 > 网络通讯


    

蓝森林 http://www.lslnet.com 2006年7月26日 13:28

各位大哥帮看一下我PIX的配置!!!!


PIX525另外增加了一块四口的网卡,分别接四个不同网段的IP地址。现在怎样可以让四个网段能相互访问?帮帮忙。。加急。。。!!
pixfirewall# sh run
: Saved
:
PIX Version 6.3(1)
interface ethernet0 100full
interface ethernet1 100full
interface ethernet2 100full
interface ethernet3 100full
interface ethernet4 100full
interface ethernet5 100full
nameif ethernet0 outside security0
nameif ethernet1 dmz security50
nameif ethernet2 inside security100
nameif ethernet3 intf3 security90
nameif ethernet4 intf4 security80
nameif ethernet5 intf5 security70
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd RLPMUQ26KL4blgFN encrypted
hostname pixfirewall
domain-name cisco.com
fixup protocol ftp 21
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
fixup protocol http 80
no fixup protocol ils 389
no fixup protocol rsh 514
no fixup protocol rtsp 554
no fixup protocol sip 5060
no fixup protocol sip udp 5060
no fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
names
access-list acl_out permit ip any any
access-list acl_in permit ip any any
pager lines 24
mtu outside 1500
mtu dmz 1500
mtu inside 1500
mtu intf3 1500
mtu intf4 1500
mtu intf5 1500
ip address outside 220.173.63.46 255.255.255.240
ip address dmz 192.168.62.100 255.255.255.0
ip address inside 10.202.133.241 255.255.255.0
ip address intf3 8.8.8.11 255.255.255.0
ip address intf4 134.202.9.49 255.255.255.0
ip address intf5 9.9.9.11 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address dmz
no failover ip address inside
no failover ip address intf3
no failover ip address intf4
no failover ip address intf5
failover link intf5
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (dmz) 1 192.168.62.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
alias (dmz) 192.168.62.100 220.173.63.46 255.255.255.255
alias (inside) 10.202.133.241 220.173.63.46 255.255.255.255
alias (intf3) 8.8.8.11 220.173.63.46 255.255.255.255
alias (intf4) 134.202.9.49 220.173.63.46 255.255.255.255
alias (intf5) 9.9.9.11 220.173.63.46 255.255.255.255
static (inside,outside) tcp 220.173.63.46 https 8.8.8.200 https netmask 255.255.
255.255 0 0
static (inside,outside) tcp 220.173.63.46 www 8.8.8.2 www netmask 255.255.255.25
5 0 0
static (inside,outside) tcp 220.173.63.46 ftp 10.202.133.99 ftp netmask 255.255.
255.255 0 0
access-group acl_out in interface outside
access-group acl_in in interface dmz
access-group acl_in in interface inside
conduit permit icmp any any
conduit permit tcp host 220.173.63.46 eq www any
conduit permit tcp host 22.173.63.46 eq ftp any
conduit permit tcp host 22.173.63.46 eq www any
conduit permit tcp host 22.173.63.46 eq https any
route outside 0.0.0.0 0.0.0.0 220.173.63.46 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet 220.173.63.32 255.255.255.240 outside
telnet 192.168.62.0 255.255.255.0 dmz
telnet 10.202.133.0 255.255.255.0 inside
telnet 8.8.8.0 255.255.255.0 intf3
telnet 134.202.9.0 255.255.255.0 intf4
telnet timeout 5
ssh 220.173.63.32 255.255.255.240 outside
ssh 192.168.62.0 255.255.255.0 dmz
ssh 9.9.9.0 255.255.255.0 intf5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:9302fb8fb0c1593d15b635cc8e24b92a
: end

route到各个interface

能给出详细点的做法吗?

access-list 100 permit 10.0.0.0 255.255.255.0 8.8.8.0 255.255.255.0
access-list 100 permit 10.0.0.0 255.255.255.0 9.9.9.0 255.255.255.0
access-list 100 permit 10.0.0.0 255.255.255.0 134.202.9.0 255.255.255.0

nat (inside) 0 access-list 100

access-group acl_out in interface intf3
access-group acl_out in interface int4
access-group acl_out in interface intf5

麦客属马

不行呀。输入以上命令提示:
ERROR: invalid protocol 10.0.0.0

access-list 100 permit IP 10.0.0.0 255.255.255.0 8.8.8.0 255.255.255.0

pixfirewall(config)# access-list permit IP 10.0.0.0 255.255.255.0 8.8.8.0 255.$
ERROR:<IP> not a valid permission
Usage: [no] access-list compiled
[no] access-list deny-flow-max <n>
[no] access-list alert-interval <secs>
[no] access-list <id> compiled
[no] access-list <id> [line <line-num>] remark <text>
[no] access-list <id> [line <line-num>] deny|permit
<protocol>|object-group <protocol_obj_grp_id>
<sip> <smask> | interface <if_name> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
<dip> <dmask> | interface <if_name> | object-group <network_obj_grp_id>
[<operator> <port> [<port>] | object-group <service_obj_grp_id>]
[log [disable|default] | [<level>] [interval <secs>]]
[no] access-list <id> [line <line-num>] deny|permit icmp
<sip> <smask> | interface <if_name> | object-group <network_obj_grp_id>
<dip> <dmask> | interface <if_name> | object-group <network_obj_grp_id>
[<icmp_type> | object-group <icmp_type_obj_grp_id>]
[log [disable|default] | [<level>] [interval <secs>]]
Restricted ACLs for route-map use:
[no] access-list <id> deny|permit {any | <prefix> <mask> | host <address>}
pixfirewall(config)#

还是出现同样的错误。

access-list 100 permit IP 10.0.0.0 255.255.255.0 8.8.8.0 255.255.255.0
你少了,acl的ID号。
[ 关闭窗口 ]


Copyright © 1999-2000 LSLNET.COM. All rights reserved. 蓝森林网站 版权所有。 E-mail : webmaster@lslnet.com